registry  /  @clerk/ui  /  1.24.1

@clerk/ui@1.24.1

Internal package that contains the UI components for the Clerk frontend SDKs

AI Security Review

scanned 11d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a Clerk React UI bundle with user-invoked authentication, organization, billing, API-key, and dev prompt flows.

Static reason
One or more suspicious static signals were detected.
Trigger
Application imports or renders @clerk/ui components, or explicitly imports @clerk/ui/register.
Impact
Expected Clerk UI behavior; no persistence, credential harvesting, lifecycle mutation, or unauthorized exfiltration found.
Mechanism
React UI bundle and Clerk SDK method calls
Rationale
Static inspection shows a published Clerk UI component package with no lifecycle hooks and no source evidence of malware primitives beyond browser UI actions aligned with authentication/product features. Scanner hits for network, protestware-like text, and secrets are explained by docs/dashboard links and UI flows for backup codes, TOTP, and API keys.
Evidence
package.jsonregister/index.mjsregister/index.cjsdist/index.jsdist/entry.jsdist/server.jsdist/components/UserProfile/MfaBackupCodeList.jsdist/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.jsdist/no-rhc/components/devPrompts/KeylessPrompt/index.js
Network endpoints5
dashboard.clerk.com/~/organizations-settingsclerk.com/docs/guides/organizations/overviewdashboard.clerk.com/last-activego.clerk.com/componentssolana.com/solana-wallets

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json exports only dist/register entries and has no install/preinstall/postinstall lifecycle hooks.
    • register/index.mjs and register/index.cjs only import React packages and set globalThis.__clerkSharedModules.
    • dist/index.js, dist/entry.js, and dist/server.js export ClerkUI/ui objects; no install-time behavior.
    • Search found no fs, child_process, native binary, wasm, shell script, or AI-agent control-surface writes.
    • Network/browser APIs are UI-aligned: dashboard/docs links, organization logo fetch, Clerk environment/resource methods, and user-triggered window.open.
    • Secret-pattern hits are UI text for backup codes/TOTP/API-key display/copy flows, not hardcoded credentials or exfiltration.
    Behavioral surface
    Source
    ChildProcessCryptoNetworkShellWebSocket
    Supply chain
    HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 1,504 file(s), 9.31 MB of source, external domains: accounts.google.com, api.mainnet-beta.solana.com, clerk.com, dashboard.clerk.com, fonts.googleapis.com, fonts.gstatic.com, github.com, go.clerk.com, img.clerk.com, img.clerkstage.dev, img.lclclerk.com, reactjs.org, schemas.xmlsoap.org, solana.com, solanamobile.com, stripe.com, www.w3.org

    Source & flagged code

    3 flagged · loading source
    dist/ui-common_ui_2bed30_1.24.1.jsView file
    14patternName = generic_password severity = medium line = 14 matchedText = `}),(0,o...i7)`
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/ui-common_ui_2bed30_1.24.1.jsView on unpkg · L14
    dist/ui-common_ui_821323_1.24.1.jsView file
    1patternName = generic_password severity = medium line = 1 matchedText = "use str...}]);
    Medium
    Secret Pattern

    Hardcoded password in dist/ui-common_ui_821323_1.24.1.js

    dist/ui-common_ui_821323_1.24.1.jsView on unpkg · L1
    dist/ui-common_ui_be75c0_1.24.1.jsView file
    14patternName = generic_password severity = medium line = 14 matchedText = `}),(0,n...i7)`
    Medium
    Secret Pattern

    Hardcoded password in dist/ui-common_ui_be75c0_1.24.1.js

    dist/ui-common_ui_be75c0_1.24.1.jsView on unpkg · L14

    Findings

    6 Medium4 Low
    MediumSecret Patterndist/ui-common_ui_2bed30_1.24.1.js
    MediumNetwork
    MediumProtestware
    MediumStructural Risk Force Deep Review
    MediumSecret Patterndist/ui-common_ui_821323_1.24.1.js
    MediumSecret Patterndist/ui-common_ui_be75c0_1.24.1.js
    LowScripts Present
    LowObfuscated
    LowHigh Entropy Strings
    LowUrl Strings